@sunnoy/wecom 1.5.1 → 1.6.2

package/README.md

@@ -21,7 +21,7 @@
 ### 动态 Agent 与隔离
 - **动态 Agent 管理**: 默认按"每个私聊用户 / 每个群聊"自动创建独立 Agent。每个 Agent 拥有独立的工作区与对话上下文，实现更强的数据隔离。
 - **群聊深度集成**: 支持群聊消息解析，可通过 @提及（At-mention）精准触发机器人响应。
-- **管理员用户**: 可配置管理员列表，绕过指令白名单和动态 Agent 路由限制。
+- **管理员用户**: 可配置管理员列表，默认绕过指令白名单；可选开启“绕过动态 Agent 路由”。
 - **指令白名单**: 内置常用指令支持（如 `/new`、`/status`），并提供指令白名单配置功能。
 
 ### 多媒体支持
@@ -37,7 +37,7 @@
 
 ## 前置要求
 
-- 已安装 [OpenClaw](https://github.com/openclaw/openclaw) (版本 2026.1.30+)
+- 已安装 [OpenClaw](https://github.com/openclaw/openclaw) (版本 2026.3.2+)
 - 企业微信管理后台权限，可创建智能机器人应用或自建应用
 - 可从企业微信访问的服务器地址（HTTP/HTTPS）
 
@@ -124,6 +124,9 @@ npm run test:e2e
         "enabled": true,
         "allowlist": ["/new", "/status", "/help", "/compact"]
       },
+      "network": {
+        "egressProxyUrl": "http://your-proxy-host:8080"
+      },
       "agent": {
         "corpId": "企业 CorpID",
         "corpSecret": "应用 Secret",
@@ -149,7 +152,7 @@ npm run test:e2e
 | `plugins.entries.wecom.enabled` | boolean | 是 | 启用插件 |
 | `channels.wecom.token` | string | 是* | 企业微信机器人 Token (*Bot 模式必填) |
 | `channels.wecom.encodingAesKey` | string | 是* | 消息加密密钥（43 位）(*Bot 模式必填) |
-| `channels.wecom.adminUsers` | array | 否 | 管理员用户 ID 列表（绕过指令白名单和动态路由） |
+| `channels.wecom.adminUsers` | array | 否 | 管理员用户 ID 列表（绕过指令白名单） |
 | `channels.wecom.commands.enabled` | boolean | 否 | 是否启用指令白名单过滤（默认 true） |
 | `channels.wecom.commands.allowlist` | array | 否 | 允许的指令白名单 |
 
@@ -160,6 +163,7 @@ npm run test:e2e
 | 配置项 | 类型 | 必填 | 说明 |
 |--------|------|------|------|
 | `channels.wecom.dynamicAgents.enabled` | boolean | 否 | 是否启用动态 Agent（默认 true） |
+| `channels.wecom.dynamicAgents.adminBypass` | boolean | 否 | 管理员是否跳过动态 Agent 路由（默认 false） |
 | `channels.wecom.dm.createAgentOnFirstMessage` | boolean | 否 | 私聊时为每个用户创建独立 Agent（默认 true） |
 | `channels.wecom.groupChat.enabled` | boolean | 否 | 是否启用群聊处理（默认 true） |
 | `channels.wecom.groupChat.requireMention` | boolean | 否 | 群聊是否必须 @ 提及才响应（默认 true） |
@@ -186,6 +190,15 @@ npm run test:e2e
 | `channels.wecom.agent.token` | string | 是 | 回调 Token (用于验证签名) |
 | `channels.wecom.agent.encodingAesKey` | string | 是 | 回调 EncodingAESKey (43 位) |
 
+#### 网络代理配置 (可选)
+
+用于 Agent / Webhook 等外发请求走固定出口代理（适用于企业微信固定 IP 白名单场景）。
+
+| 配置项 | 类型 | 必填 | 说明 |
+|--------|------|------|------|
+| `channels.wecom.network.egressProxyUrl` | string | 否 | 外发 HTTP(S) 代理地址，例如 `http://proxy:8080` |
+| `WECOM_EGRESS_PROXY_URL` | env | 否 | 环境变量方式配置代理，优先级高于 `channels.wecom.network.egressProxyUrl` |
+
 #### Webhook 配置 (可选)
 
 配置 Webhook Bot 用于群通知：
@@ -283,13 +296,16 @@ Webhook Bot 用于向群聊发送通知消息。
 
 ## 管理员用户
 
-管理员用户可以绕过指令白名单限制，并跳过动态 Agent 路由（直接路由到主 Agent）。
+管理员用户默认可以绕过指令白名单限制。若希望管理员用户同时跳过动态 Agent 路由（直接路由到主 Agent），可开启 `dynamicAgents.adminBypass`。
 
 ```json
 {
   "channels": {
     "wecom": {
-      "adminUsers": ["user1", "user2"]
+      "adminUsers": ["user1", "user2"],
+      "dynamicAgents": {
+        "adminBypass": true
+      }
     }
   }
 }
@@ -310,7 +326,7 @@ Webhook Bot 用于向群聊发送通知消息。
    - **多账号群聊**: `wecom-<accountId>-group-<chatId>`
 2. OpenClaw 自动创建/复用对应的 Agent 工作区
 3. 每个用户/群聊拥有独立的对话历史和上下文
-4. **管理员用户**跳过动态路由，直接使用主 Agent
+4. 管理员用户默认参与动态路由；当 `dynamicAgents.adminBypass=true` 时跳过动态路由，直接使用主 Agent
 
 ### 高级配置
 
@@ -338,6 +354,7 @@ Webhook Bot 用于向群聊发送通知消息。
 | 配置项 | 类型 | 默认值 | 说明 |
 |--------|------|--------|------|
 | `dynamicAgents.enabled` | boolean | `true` | 是否启用动态 Agent |
+| `dynamicAgents.adminBypass` | boolean | `false` | 管理员是否跳过动态 Agent 路由 |
 | `dm.createAgentOnFirstMessage` | boolean | `true` | 私聊使用动态 Agent |
 | `groupChat.enabled` | boolean | `true` | 启用群聊处理 |
 | `groupChat.requireMention` | boolean | `true` | 群聊必须 @ 提及才响应 |
@@ -372,6 +389,7 @@ Webhook Bot 用于向群聊发送通知消息。
         "token": "Bot1 的 Token",
         "encodingAesKey": "Bot1 的 EncodingAESKey",
         "adminUsers": ["admin1"],
+        "workspaceTemplate": "/path/to/bot1-template",
         "agent": {
           "corpId": "企业 CorpID",
           "corpSecret": "Bot1 应用 Secret",
@@ -405,6 +423,7 @@ Webhook Bot 用于向群聊发送通知消息。
 | 完全兼容 | 旧的单账号配置（`token` 直接写在 `wecom` 下）自动识别为 `default` 账号，无需修改 |
 | Webhook 路径 | 自动按账号分配：`/webhooks/wecom/bot1`、`/webhooks/wecom/bot2` |
 | Agent 回调路径 | 自动按账号分配：`/webhooks/app/bot1`、`/webhooks/app/bot2` |
+| 工作区模板 | 支持按账号自定义：`channels.wecom.<accountId>.workspaceTemplate`（覆盖全局配置） |
 | 动态 Agent ID | 按账号隔离：`wecom-bot1-dm-{userId}`、`wecom-bot2-group-{chatId}` |
 | 冲突检测 | 启动时自动检测重复的 Token 或 Agent ID，避免消息路由错乱 |
 

package/dynamic-agent.js

@@ -47,17 +47,21 @@ export function getDynamicAgentConfig(config) {
     groupEnabled: wecom.groupChat?.enabled !== false,
     groupRequireMention: wecom.groupChat?.requireMention !== false,
     groupMentionPatterns: wecom.groupChat?.mentionPatterns || ["@"],
+    adminBypass: wecom.dynamicAgents?.adminBypass === true,
   };
 }
 
 /**
  * Decide whether this message context should route to a dynamic agent.
  */
-export function shouldUseDynamicAgent({ chatType, config }) {
+export function shouldUseDynamicAgent({ chatType, config, senderIsAdmin = false }) {
   const dynamicConfig = getDynamicAgentConfig(config);
   if (!dynamicConfig.enabled) {
     return false;
   }
+  if (senderIsAdmin && dynamicConfig.adminBypass) {
+    return false;
+  }
   if (chatType === "group") {
     return dynamicConfig.groupEnabled;
   }

package/index.js

@@ -38,16 +38,18 @@ const plugin = {
     api.registerChannel({ plugin: wecomChannelPlugin });
     logger.info("WeCom channel registered");
 
-    // Register HTTP handler for webhooks.
-    // OpenClaw 2026.3.2+ removed registerHttpHandler; the primary route
-    // registration now happens in gateway.startAccount via registerPluginHttpRoute.
-    // Keep the legacy handler for backward compatibility with older versions.
-    if (typeof api.registerHttpHandler === "function") {
-      api.registerHttpHandler(wecomHttpHandler);
-      logger.info("WeCom HTTP handler registered (legacy wildcard)");
-    } else {
-      logger.info("WeCom: registerHttpHandler unavailable, routes registered via gateway lifecycle");
-    }
+    // Register webhook HTTP route with auth: "plugin" so gateway does NOT
+    // enforce Bearer-token auth. WeCom callbacks use msg_signature verification
+    // which the plugin handles internally.
+    // OpenClaw 3.2 removed registerHttpHandler; use registerHttpRoute with
+    // auth: "plugin" + match: "prefix" to handle all /webhooks/* paths.
+    api.registerHttpRoute({
+      path: "/webhooks",
+      handler: wecomHttpHandler,
+      auth: "plugin",
+      match: "prefix",
+    });
+    logger.info("WeCom HTTP route registered (auth: plugin, match: prefix)");
   },
 };
 

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@sunnoy/wecom",
-    "version": "1.5.1",
+    "version": "1.6.2",
     "description": "Enterprise WeChat AI Bot channel plugin for OpenClaw",
     "type": "module",
     "main": "index.js",

package/wecom/accounts.js

@@ -79,16 +79,17 @@ function buildAccount(accountId, accountCfg) {
     agent?.corpId && agent?.corpSecret && agent?.agentId && agent?.token && agent?.encodingAesKey,
   );
 
+  const hasBotTokens = Boolean(accountCfg?.token && accountCfg?.encodingAesKey);
+  const defaultPath = accountId === DEFAULT_ACCOUNT_ID ? "/webhooks/wecom" : `/webhooks/wecom/${accountId}`;
+
   return {
     accountId,
     name: accountCfg?.name || accountId,
     enabled: accountCfg?.enabled !== false,
-    configured: Boolean(accountCfg?.token && accountCfg?.encodingAesKey) || agentConfigured,
+    configured: hasBotTokens || agentConfigured,
     token: accountCfg?.token || "",
     encodingAesKey: accountCfg?.encodingAesKey || "",
-    webhookPath:
-      accountCfg?.webhookPath ||
-      (accountId === DEFAULT_ACCOUNT_ID ? "/webhooks/wecom" : `/webhooks/wecom/${accountId}`),
+    webhookPath: accountCfg?.webhookPath || (hasBotTokens ? defaultPath : ""),
     config: accountCfg || {},
     agentConfigured,
     agentInboundConfigured,

package/wecom/agent-inbound.js

@@ -292,12 +292,18 @@ async function processAgentMessage({
 
   const dynamicConfig = getDynamicAgentConfig(accountCfg);
   const targetAgentId =
-    dynamicConfig.enabled && shouldUseDynamicAgent({ chatType: peerKind, config: accountCfg })
+    dynamicConfig.enabled
+    && shouldUseDynamicAgent({
+      chatType: peerKind,
+      config: accountCfg,
+      senderIsAdmin,
+    })
       ? generateAgentId(peerKind, peerId, accountId)
       : null;
 
+  const templateDir = accountCfg?.workspaceTemplate || config?.channels?.wecom?.workspaceTemplate;
   if (targetAgentId) {
-    await ensureDynamicAgentListed(targetAgentId);
+    await ensureDynamicAgentListed(targetAgentId, templateDir);
     logger.debug("[agent-inbound] dynamic agent", { agentId: targetAgentId, peerId });
   }
 

package/wecom/channel-plugin.js

@@ -13,7 +13,7 @@ import { resolveWecomTarget } from "./target.js";
 import { webhookSendImage, webhookSendText, webhookUploadFile, webhookSendFile } from "./webhook-bot.js";
 import { normalizeWebhookPath, registerWebhookTarget } from "./webhook-targets.js";
 import { wecomFetch, setConfigProxyUrl } from "./http.js";
-import { createWecomRouteHandler } from "./http-handler.js";
+
 
 const AGENT_IMAGE_EXTS = new Set(["jpg", "jpeg", "png", "gif", "bmp"]);
 
@@ -92,6 +92,11 @@ export const wecomChannelPlugin = {
               description: "Enable per-user/per-group agent isolation",
               default: true,
             },
+            adminBypass: {
+              type: "boolean",
+              description: "When true, adminUsers bypass dynamic agent routing and use the default route",
+              default: false,
+            },
           },
         },
         dm: {
@@ -720,36 +725,21 @@ export const wecomChannelPlugin = {
         });
       }
 
-      const unregister = registerWebhookTarget({
-        path: account.webhookPath || "/webhooks/wecom",
-        account,
-        config: ctx.cfg,
-      });
-
-      // Register HTTP route with OpenClaw route framework.
-      // Uses registerPluginHttpRoute (new API in OpenClaw 2026.3.2+) for explicit
-      // path-based routing.  Falls back gracefully when the SDK is unavailable
-      // (older OpenClaw uses the legacy wildcard handler registered in index.js).
-      let unregisterBotRoute;
-      const botPath = account.webhookPath || "/webhooks/wecom";
-      try {
-        const { registerPluginHttpRoute } = await import("openclaw/plugin-sdk");
-        unregisterBotRoute = registerPluginHttpRoute({
+      let unregister;
+      const botPath = account.webhookPath;
+      if (botPath) {
+        unregister = registerWebhookTarget({
           path: botPath,
-          pluginId: "wecom",
-          accountId: account.accountId,
-          log: (msg) => logger.info(msg),
-          handler: createWecomRouteHandler(normalizeWebhookPath(botPath)),
+          account,
+          config: ctx.cfg,
         });
-        logger.info("WeCom Bot HTTP route registered", { path: botPath });
-      } catch {
-        // openclaw/plugin-sdk not available — rely on legacy registerHttpHandler.
-        logger.debug("registerPluginHttpRoute unavailable, using legacy handler", { path: botPath });
+        logger.info("WeCom Bot webhook path active", { path: botPath });
+      } else {
+        logger.debug("No Bot webhook path for this account, skipping", { accountId: account.accountId });
       }
 
       // Register Agent inbound webhook if agent inbound is fully configured.
       let unregisterAgent;
-      let unregisterAgentRoute;
       // Per-account agent path: /webhooks/app for default, /webhooks/app/{accountId} for others.
       const agentInboundPath = account.accountId === DEFAULT_ACCOUNT_ID
         ? "/webhooks/app"
@@ -778,22 +768,6 @@ export const wecomChannelPlugin = {
             config: ctx.cfg,
           });
           logger.info("WeCom Agent inbound webhook registered", { path: agentInboundPath });
-
-          // Register agent inbound HTTP route (new API).
-          try {
-            const { registerPluginHttpRoute } = await import("openclaw/plugin-sdk");
-            unregisterAgentRoute = registerPluginHttpRoute({
-              path: agentInboundPath,
-              pluginId: "wecom",
-              accountId: account.accountId,
-              source: "agent-inbound",
-              log: (msg) => logger.info(msg),
-              handler: createWecomRouteHandler(normalizeWebhookPath(agentInboundPath)),
-            });
-            logger.info("WeCom Agent inbound HTTP route registered", { path: agentInboundPath });
-          } catch {
-            logger.debug("registerPluginHttpRoute unavailable for agent inbound, using legacy handler");
-          }
         }
       }
 
@@ -804,10 +778,8 @@ export const wecomChannelPlugin = {
           clearTimeout(buf.timer);
         }
         messageBuffers.clear();
-        unregister();
-        if (unregisterBotRoute) unregisterBotRoute();
+        if (unregister) unregister();
         if (unregisterAgent) unregisterAgent();
-        if (unregisterAgentRoute) unregisterAgentRoute();
       };
 
       // Backward compatibility: older runtime may not pass abortSignal.

package/wecom/inbound-processor.js

@@ -241,12 +241,19 @@ export async function processInboundMessage({
 
   // Compute deterministic agent target for this conversation.
   const targetAgentId =
-    dynamicConfig.enabled && shouldUseDynamicAgent({ chatType: peerKind, config: account.config })
+    dynamicConfig.enabled
+    && shouldUseDynamicAgent({
+      chatType: peerKind,
+      config: account.config,
+      senderIsAdmin,
+    })
       ? generateAgentId(peerKind, peerId, account.accountId)
       : null;
 
+  // Resolve template directory: per-account or global.
+  const templateDir = account.config?.workspaceTemplate || config?.channels?.wecom?.workspaceTemplate;
   if (targetAgentId) {
-    await ensureDynamicAgentListed(targetAgentId);
+    await ensureDynamicAgentListed(targetAgentId, templateDir);
     logger.debug("Using dynamic agent", { agentId: targetAgentId, chatType: peerKind, peerId });
   } else if (senderIsAdmin) {
     logger.debug("Admin user, dynamic agent disabled for this chat type; falling back to default route", {

package/wecom/outbound-delivery.js

@@ -1,5 +1,5 @@
-import { readFile, access, stat } from "node:fs/promises";
-import { basename, join } from "node:path";
+import { readFile, stat } from "node:fs/promises";
+import { basename, isAbsolute, relative, resolve, sep } from "node:path";
 import { logger } from "../logger.js";
 import { streamManager } from "../stream-manager.js";
 import { agentSendText, agentUploadMedia, agentSendMedia } from "./agent-api.js";
@@ -19,10 +19,36 @@ const WECOM_MIN_FILE_SIZE = 5;
  * ~/.openclaw/workspace-{agentId} on the host.  Any path starting with
  * /workspace/ is transparently rewritten when an agentId is available.
  */
+export function resolveWorkspaceHostPathSafe({ workspaceDir, workspacePath }) {
+  const relativePath = String(workspacePath || "").replace(/^\/workspace\/?/, "");
+  if (!relativePath) {
+    return null;
+  }
+
+  const hostPath = resolve(workspaceDir, relativePath);
+  const rel = relative(workspaceDir, hostPath);
+  const escapesWorkspace = rel === ".." || rel.startsWith(`..${sep}`) || isAbsolute(rel);
+  if (escapesWorkspace) {
+    return null;
+  }
+  return hostPath;
+}
+
 function resolveHostPath(filePath, effectiveAgentId) {
   if (effectiveAgentId && filePath.startsWith("/workspace/")) {
-    const relative = filePath.slice("/workspace/".length);
-    const hostPath = join(resolveAgentWorkspaceDirLocal(effectiveAgentId), relative);
+    const workspaceDir = resolveAgentWorkspaceDirLocal(effectiveAgentId);
+    const hostPath = resolveWorkspaceHostPathSafe({
+      workspaceDir,
+      workspacePath: filePath,
+    });
+    if (!hostPath) {
+      logger.warn("Rejected unsafe /workspace/ path outside workspace", {
+        sandbox: filePath,
+        workspaceDir,
+        agentId: effectiveAgentId,
+      });
+      return null;
+    }
     logger.debug("Resolved sandbox path to host path", { sandbox: filePath, host: hostPath });
     return hostPath;
   }
@@ -110,6 +136,12 @@ export async function deliverWecomReply({ payload, senderId, streamId, agentId }
     for (const media of mediaMatches) {
       // Resolve /workspace/ sandbox paths to host-side paths.
       const resolvedMediaPath = resolveHostPath(media.path, effectiveAgentId);
+      if (!resolvedMediaPath) {
+        processedText = processedText
+          .replace(media.fullMatch, "⚠️ 检测到不安全的 /workspace/ 路径，已拒绝发送")
+          .trim();
+        continue;
+      }
       const mediaExt = resolvedMediaPath.split(".").pop()?.toLowerCase() || "";
       if (mediaImageExts.has(mediaExt)) {
         // Image: queue for delivery when stream finishes.
@@ -177,6 +209,15 @@ export async function deliverWecomReply({ payload, senderId, streamId, agentId }
       }
       // Resolve /workspace/ sandbox paths to host-side paths.
       absPath = resolveHostPath(absPath, effectiveAgentId);
+      if (!absPath) {
+        const unsafeHint = "⚠️ 检测到不安全的 /workspace/ 路径，已拒绝发送";
+        if (streamId && streamManager.hasStream(streamId)) {
+          streamManager.appendStream(streamId, `\n\n${unsafeHint}`);
+        } else {
+          processedText = processedText ? `${processedText}\n\n${unsafeHint}` : unsafeHint;
+        }
+        continue;
+      }
 
       const isLocal = absPath.startsWith("/");
       const mediaFilename = isLocal ? basename(absPath) : (basename(new URL(mediaPath).pathname) || "file");
@@ -298,19 +339,36 @@ export async function deliverWecomReply({ payload, senderId, streamId, agentId }
       const imageExtsAuto = new Set(["jpg", "jpeg", "png", "gif", "bmp", "webp"]);
 
       for (const wsPath of detectedPaths) {
-        // /workspace/foo.pdf → hostDir/foo.pdf
-        const relativePath = wsPath.replace(/^\/workspace\/?/, "");
-        if (!relativePath) continue;
-        const hostPath = join(workspaceDir, relativePath);
+        // /workspace/foo.pdf → hostDir/foo.pdf (with traversal guard)
+        const hostPath = resolveWorkspaceHostPathSafe({
+          workspaceDir,
+          workspacePath: wsPath,
+        });
+        if (!hostPath) {
+          processedText = processedText.replace(wsPath, "⚠️ 检测到不安全的 /workspace/ 路径，已拒绝发送");
+          logger.warn("Auto-detect: rejected unsafe /workspace/ path", {
+            streamId,
+            wsPath,
+            workspaceDir,
+          });
+          continue;
+        }
         const filename = basename(hostPath);
         const ext = filename.split(".").pop()?.toLowerCase() || "";
 
         // Skip image files — they are handled by the stream msg_item mechanism.
         if (imageExtsAuto.has(ext)) continue;
 
-        // Check file existence on host.
+        // Check the path exists on host and is a regular file.
         try {
-          await access(hostPath);
+          const st = await stat(hostPath);
+          if (!st.isFile()) {
+            logger.debug("Auto-detect: path is not a regular file, skipping", {
+              wsPath,
+              hostPath,
+            });
+            continue;
+          }
         } catch {
           logger.debug("Auto-detect: workspace file not found on host, skipping", {
             wsPath,

package/wecom/workspace-template.js

@@ -36,9 +36,13 @@ export function getWorkspaceTemplateDir(config) {
  * Copy template files into a newly created agent's workspace directory.
  * Only copies files that don't already exist (writeFileIfMissing semantics).
  * Silently skips if workspaceTemplate is not configured or directory is missing.
+ *
+ * @param {string} agentId
+ * @param {object} config - OpenClaw config
+ * @param {string} [overrideTemplateDir] - Optional per-account template directory
  */
-export function seedAgentWorkspace(agentId, config) {
-  const templateDir = getWorkspaceTemplateDir(config);
+export function seedAgentWorkspace(agentId, config, overrideTemplateDir) {
+  const templateDir = overrideTemplateDir || getWorkspaceTemplateDir(config);
   if (!templateDir) {
     return;
   }
@@ -114,7 +118,7 @@ export function upsertAgentIdOnlyEntry(cfg, agentId) {
   return changed;
 }
 
-export async function ensureDynamicAgentListed(agentId) {
+export async function ensureDynamicAgentListed(agentId, templateDir) {
   const normalizedId = String(agentId || "")
     .trim()
     .toLowerCase();
@@ -128,28 +132,22 @@ export async function ensureDynamicAgentListed(agentId) {
     return;
   }
 
-  const queue = getEnsureDynamicAgentWriteQueue()
+  const queue = (getEnsureDynamicAgentWriteQueue() || Promise.resolve())
     .then(async () => {
-      const latestConfig = configRuntime.loadConfig();
-      if (!latestConfig || typeof latestConfig !== "object") {
+      const openclawConfig = getOpenclawConfig();
+      if (!openclawConfig || typeof openclawConfig !== "object") {
         return;
       }
 
-      const changed = upsertAgentIdOnlyEntry(latestConfig, normalizedId);
+      // Upsert into memory only. Writing to config file is dangerous and can wipe user settings.
+      const changed = upsertAgentIdOnlyEntry(openclawConfig, normalizedId);
       if (changed) {
-        await configRuntime.writeConfigFile(latestConfig);
-        logger.info("WeCom: dynamic agent added to agents.list", { agentId: normalizedId });
+        logger.info("WeCom: dynamic agent added to in-memory agents.list", { agentId: normalizedId });
       }
+      
       // Always attempt seeding so recreated/cleaned dynamic agents can recover
-      // template files even when the id already exists in agents.list.
-      seedAgentWorkspace(normalizedId, latestConfig);
-
-      // Keep runtime in-memory config aligned to avoid stale reads in this process.
-      const openclawConfig = getOpenclawConfig();
-      if (openclawConfig && typeof openclawConfig === "object") {
-        upsertAgentIdOnlyEntry(openclawConfig, normalizedId);
-        setOpenclawConfig(openclawConfig);
-      }
+      // template files.
+      seedAgentWorkspace(normalizedId, openclawConfig, templateDir);
 
       getEnsuredDynamicAgentIds().add(normalizedId);
     })